Related vulnerabilities
Description
cve-2019-11510, cve-2019-19781, cve-2020-5902, cve-2021-1497, cve-2021-20090, cve-2021-22006, cve-2021-22205, cve-2021-26084, cve-2021-26855, cve-2021-26857, cve-2021-26858, cve-2021-26865
Introduction
# APT-Backpack
The CVEs most commonly used by APTs, plus legitimate RATs and other tools used by adversaries
## CVEs
- CVE-2019-11510 (Pulse Connect Secure 8.2, 8.3, 9.0) **Unauth file read**
- CVE-2019-19781 (Citrix ADC & Gateway) **Directory Traversal**
- CVE-2020-5902 (F5 Big IP) **RCE**
- CVE-2021-1497 (Cisco HyperFlex HX) **Unauth Command injection**
- CVE-2021-20090 (Buffalo WSR-2533DHP2 WSR-2533DHP3) **Unauth RCE**
- CVE-2021-22006 (VMware vCenter Server) **Authentication bypass**
- CVE-2021-22205 (GitLab CE/EE) **RCE**
- CVE-2021-26084 (Atlassian Confluence) **Unauth RCE**
- CVE-2021-26855 (Microsoft Exchange Server) **RCE**
- CVE-2021-26857 (Microsoft Exchange Server) **RCE**
- CVE-2021-26858 (Microsoft Exchange Server) **RCE**
- CVE-2021-26865 (Microsoft Exchange Server) **RCE**
- CVE-2021-36260 (Hikvision) **Command Injection**
- CVE-2021-40539 (ManageEngine ADSelfService Plus) **API Auth bypass** -> **RCE**
- CVE-2021-41773 (Apache HTTP Server 2.4.49) **Path Traversal**
- CVE-2021-42237 (Sitecore XP 7.5) **Deserialisation** -> **RCE**
- CVE-2021-44228 (Apache Log4j) **RCE**
- CVE-2021-40444 (Microsoft Office) **RCE**
- CVE-2022-1388 (F5 BIG-IP) **RCE**
- CVE-2022-24112 (Apache APISIX 2.12.1) **RCE**
- CVE-2022-26134 (Atlassian Confluence) **RCE**
## Legitimate RATs (Remote Administration Tools) & server sockets
- Ammyy admin client v3 (windows) (This is caught by many defenses)
- Ngrok client (windows/linux)
## Exploitation
- Sysinternals suite
- PSTools
## Exfiltration
- XXD static (windows)
## Phishing
- Office document with warnings (enable content)
## Reverse shell
- Ncat OPENBSD
*Use it rightly, I'm not responsible for any bad use of this pack*
File snapshot
```text
[4.0K] /data/pocs/4f386e51f5a011fd42c5f7ebb6e8221b5f2b4eff
├── [4.0K] Ammyy admin client
│   └── [798K] AA_v3.exe
├── [ 70K] CVE-2019-11510.zip
├── [ 34K] CVE-2019-19781.zip
├── [ 16K] CVE-2020-5902.zip
├── [ 880] CVE-2021-1497.zip
├── [ 225] CVE-2021-20090.zip
├── [7.6M] CVE-2021-22006.zip
├── [1.7M] CVE-2021-22205.zip
├── [1.8K] CVE-2021-26084.zip
├── [2.5K] CVE-2021-26855.zip
├── [361K] CVE-2021–26857-58-65.zip
├── [2.5K] CVE-2021-26857.zip
├── [4.7K] CVE-2021-36260.zip
├── [ 58K] CVE-2021-40444.zip
├── [2.7K] CVE-2021-40539.zip
├── [2.4K] CVE-2021-41773.zip
├── [2.7K] CVE-2021-42237.zip
├── [5.0M] CVE-2021-44228.zip
├── [1.9K] CVE-2022-1388.zip
├── [2.1K] CVE-2022-24112.zip
├── [3.9K] CVE-2022-26134.zip
├── [572K] ncat.rar
├── [4.0K] Ngrok client
│   ├── [4.0K] Linux
│   │   ├── [7.8M] ngrok-v3-stable-linux-386.tgz
│   │   ├── [8.0M] ngrok-v3-stable-linux-amd64.tgz
│   │   ├── [7.5M] ngrok-v3-stable-linux-arm64.tgz
│   │   ├── [7.7M] ngrok-v3-stable-linux-arm.tgz
│   │   ├── [7.1M] ngrok-v3-stable-linux-mips64le.tgz
│   │   ├── [7.2M] ngrok-v3-stable-linux-mips64.tgz
│   │   ├── [7.2M] ngrok-v3-stable-linux-mipsle.tgz
│   │   ├── [7.3M] ngrok-v3-stable-linux-mips.tgz
│   │   ├── [7.3M] ngrok-v3-stable-linux-ppc64le.tgz
│   │   ├── [7.3M] ngrok-v3-stable-linux-ppc64.tgz
│   │   └── [7.8M] ngrok-v3-stable-linux-s390x.tgz
│   └── [4.0K] Windows
│       ├── [8.0M] ngrok-v3-stable-windows-386.zip
│       └── [8.1M] ngrok-v3-stable-windows-amd64.zip
├── [4.0K] Office Warnings
│   ├── [ 19K] DE-Excel.docx
│   ├── [ 19K] DE-Word.docx
│   ├── [ 15K] EN-Excel.docx
│   └── [ 15K] EN-Word.docx
├── [2.1K] README.md
├── [4.0K] Sysinternals
│   ├── [431K] Autologon64.exe
│   ├── [333K] Autologon.exe
│   ├── [502K] PsExec64.exe
│   ├── [430K] PsExec.exe
│   ├── [278K] pskill.exe
│   ├── [4.2M] PSTools.zip
│   ├── [4.2M] Sysmon64.exe
│   ├── [7.8M] Sysmon.exe
│   ├── [1.7M] tcpview64.exe
│   └── [1.3M] tcpview.exe
└── [4.0K] XXD windows
    └── [ 27K] xxd-1.11_win32(static).zip

7 directories, 51 files
```
Notes
1. It is recommended to access the code through the original source first.
2. If the source is no longer available or cannot be reached, please send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.